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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address « 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
eamed patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to communication(s) filed on 18 December 2001 . 
2a)n This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for fomnal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 
Disposition of Claims 

4) ^ Claim(s) 1,2,4-8,1 4-20,22-24 and 26-29 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) IEI Claim{s) 1,2,4-8, 14-20.22-24 and 26-29 is/are rejected. 

7) ^ Claim{s) 7 is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 19 April 2002 is/are: a)S accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

1 1) D The proposed drawing correction filed on is: a)n approved b)n disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) 0 The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§ 119 and 120 

13) n Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

aOAII bO Some*c)n None of: 

1 .Q Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) 0 Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

1 5) S Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 
Attachment(s) 

1 ) S Notice of References Cited {PTO-892) 4) □ Inten^ew Summary (PTO-413) Paper No(s). . 

2) n Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) [H Notice of Informal Patent Application (PTO-152) 

3) ^ Information Disclosure Statement(s) (PTO-1449) Paper No(s) 3 . 6) □ Other: 
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Art Unit: 2184 

MQN-FOMAL OFFICIAL ACTION 



Status of the Claims 

Claims 1,2, 4-8, 14-20, 22-24 and 26-27 are rejected under Double Patenting. 
Claims 1 ,4-6, 8, 14-19, 22, 24, 26. 28 and 29 are rejected under 35 USC §102. 
Claims 2, 14, 20, 23, 25 and 27 are rejected under 35 USC §103(a). 
Claim 7 is objected to while containing allowable matter. 



Obvious-type Double Patenting 

The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. See In re Goodman, 11 
F.3d 1046, 29 USPQ2d2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 
USPQ645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 
1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970);and, In re Thorington, 
418 F.2d 528, 163 USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be 
used to overcome an actual or provisional rejection based on a nonstatutory double 
patenting ground provided the conflicting application or patent is shown to be commonly 
owned with this application. See 37 CFR 1 .130(b). 

Effective January 1, 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 

Claims 1 , 2, 4-8, 14-20, 22-24 and 26-27 are rejected under the judicially created 
doctrine of obviousness-type double patenting as being unpatentable over claims 1-33 
of U.S. Patent No. 6,408,404. Although the conflicting claims are not identical, they are 



not patentably distinct from each other. 
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Claims 1-33 of United States Patent No. 6,408,404 do not recite claim the 
direction by ttie presence found in claims 1, 2, 4-8, 14-20, 22-24 and 26-27 of the 
pending application. In a computer system designed to gather large amounts of varied 
data it is well known in the art guide the gathering of data so as to gather only the data 
needed. This is due to the sheer the quantity of data on a network. When a system 
attempts to simple gather all data it can often become overloaded and begin to miss 
needed data. Thus it would have been obvious to one of ordinary skill in the art at the 
time of invention to implement the direction by the presence sucli as passing the 
parameters of a filter to a gatherer in order ensure the needed data is gathered. 

Claims 20-33 of United States Patent No. 6,408,404 do not recite claim the 
requirement for heterogeneous data found in claims 1 , 2, 4-8. 14-20, 22-24 and 26-27 of 
the pending application. Network data is well known to be a heterogeneous mix of 
information ranging from IP addresses, ECC coding, time stamps and other items. 
Thus it would have been obvious to one of ordinary skill in the art to data that was 
heterogeneous in nature, as the network itself transmits data in a heterogeneous form. 

Rejections under 35 (JSC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
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A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed In the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1, 2, 4, 8 and 15-19 are rejected under 35 U.S.C. 102(e) as being 
anticipated by McCreery. 

As per claim 1, McCreery discloses: 

gathering heterogeneous data (column 4, lines 48-63; column 5, lines 1-10), as 
directed by the presence (column 4, lines 55-56; column 4, lines 45-47 means to 
configure a filter) at two or more remote computers (column 4, lines 8-18) and placing 
the gathered data in a data stream and fonvarding the data stream to the presence 
(column 4, lines 63-65). 

receiving at least one data stream at a computer, the data stream including data 
representative of events (column 4, lines 41-43 and 58-67); 

applying rules to the data stream for sorting data representative of events and for 
taking an action based on a specific event (column 4, lines 44-57). 

As per claim 4, McCreery discloses: wherein said gathering step is performed by 
an agent (column 4, lines 35-63 the network interface is an agent as it works on behalf 
of the analyzer). 

As per claim 5, McCreery discloses: hunting for predetermined data at a remote 
location and placing the hunted data in a data stream and fonA/arding the data stream to 
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the computer (the IP addresses of packets filtered by McCreery contain data stored at a 
remote location). 

As per claim 6, McCreery discloses: the hunting is carried out by agents (column 
4, lines 35-63 the network interface is an agent as it works on behalf of the analyzer). 

As per claim 8, McCreery discloses: wherein the at least one data stream 
includes message traffic (column 2, lines 1 1-20). 

As per claim 15, McCreery discloses: wherein an event is comprised of at least 
one of the following elements: types, title, datetime, keywords, summary priority and 
duration (Figure 5b-1). 

As per claim 16, McCreery discloses: wherein a rule includes a criteria 
component and an action component (column 5, lines 47-57: Action-"notification", 
Criteria: "exceeds predetermined thresholds"). 

As per claim 17, McCreery discloses: wherein the criteria component includes at 
least one criteria statement and to satisfy a rule either all, any or none of the at least 
one criteria statements need to be satisfied. As McCreery shows, once the network 
exceeds a threshold (satisfies a rule criteria) action is takes (column 5, lines 52-57). 

As per claim 18, McCreery discloses: at least one action is taken if the at least 
one rule is satisfied (column 5, lines 43-57). 

As per claim 19, McCreery discloses: wherein the data in the event data stream 
is received in a standardized format (Figure 5c, Ethernet format). 
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Claim 22 is rejected in the manner of claim 1, as claim 22 is the article of 
manufacture embodiment of the method claim 1. 

Claim 24 Is rejected in the manner of claim 1, as claim 24 is the computer 
architecture embodiment of method claim 1. 

Claim 26 is rejected in the manner of claim 1 , as claim 26 is the computer system 
embodiment of method claim 1 . 

As per claim 28, McCreery discloses: 

wherein said gathering step includes collecting/gathering data at two or more 
remote computes (column 6, lines 41-46). 
As per claim 29, McCreery discloses: 

wherein said gathering and receiving step are preformed in real-time. McCreery 
discloses the use of a hardware device (that is a network device in promiscuous mode) 
taking data off of a network. As the network device is operating at a high speed and 
immediately processing the network data s soon as it is placed on the network, it is a 
real-time system. 

Rejections under 35 USC §1 03(a) 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 
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Claims 2. 14. 20. 23, 25. 27 and 29 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over McCreery. 

As per dependant claim 2, McCreery does not explicitly teach displaying the 
events in a timeline. McCreery does disclose the gathering and formatting of the 
information required to generate a timeline. Further, McCreery does specifically 
discloses the data is used to generate charts and graphs. Additionally, McCreery 
teaches the display of data in chronological order (Figures 5 and 7). A timeline provides 
easy user access to information in chronological order. Thus it would have been 
obvious to one of ordinary skill in the art at the time of invention to use the gathered 
information of McCreery to display a timeline. 

As per claim 14, McCreery does not explicitly disclose: filing (storing) the sorted 
information in separate data stream files. McCreery does store data which has been 
modified and raw data, however does state that the data is stored separately. Given 
the purpose of creating the modified data is to "avoid redundant storage of the same 
data" (column 5, lines 30-35). Therefore it is clear McCreery is storing multiple sets of 
data. Thus it would have been obvious to one of ordinary skill in the art at the time of 
invention to store the sorted information separately from other information thus allowing 
easy access to the filtered information. 

As per claim 20, McCreery discloses: displaying an event stream using 
information stored in stored stream files (column 5, lines 31-43, Figures 5). 

Claim 23 is rejected in the manner of claim 2, as claim 23 is the article 
embodiment of the method claim 2. 
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Claim 27 is rejected in the manner of claim 2, as claim 27 is the computer system 
embodiment of method claim 2. 

As per claim 29, McCreery discloses: 

wherein said gathering and receiving step are preformed in real-time. McCreery 
discloses the use of a hardware device (that is a network device in promiscuous mode) 
taking data off of a network. As the network device is operating at a high speed and 
immediately processing the network data s soon as it is placed on the network, it is a 
real-time system. 

Allowable Matter 

Claims 7 is objected to while containing allowable matter. 

The following is a statement of reasons for the indication of allowable subject 
matter: McCreery does not disclose: normalizing data before the data is placed in the 
stream in combination with all the remaining limitations of the claims. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Bryce P Bonzo whose telephone number is (703)305- 
4834. The examiner can normally be reached on Monday through Friday from 5:30AM 
to 2:00PM. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Robert Beausoliel, can be reached on (703) 305-9713. For facsimile 
transmission: 

After-final (703) 746-7238 

Official (703) 746-7239 

Non-Official/Draft (703) 746-7240 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 305- 
3900. 
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